Honeypots mailing list archives
Re: Honeyd Webcast follow[-up] & arpd question
From: papaia.a () home ro
Date: Sun, 23 Nov 2003 21:49:16 -0600
Finally got the chance to listen to the webcast (Sunday night is the only part of the day "free", in the week, for some of us ... who actually don't have a life;)) - very good and convincing. Very nice job, Lance!

I will take the freedom of asking here a question which I would have asked, had I had the chance to listen to the webcast "live": has anybody done any serious investigation about the effects of running arpd on a DHCP network (related to Lance's observation during the webcast, about starting arpd "small", due to possible problems - thus my assumption about this problem having been discussed before)?

My personal experience is that - on a Windows-based network, where the machines seem to be very chatty by definition - arpd seems to overcome the capability of any new system attempting to obtain an IP address via DHCP, i.e. once started, arpd takes over almost immediately all available addresses, and does not seem to release them?!? I was able to totally DoS a DHCP network of Windows machines, by simply running arpd ... no others were able to grab an address anymore.

Anybody?!?

TIA,
Papaia

On Wednesday 19 November 2003 08:18 pm, Lance Spitzner wrote:
> I recently did a SANS webcast on Honeyd and was asked two questions I did not know the answer to. I stated in the webcast I would find out the answers and reply to the maillist. After following up with Niels, this is what I learned.
>
> - Can Honeyd support IPv6?
>   No. (that was easy :)
>
> - Does the uptime option always give the same time set in the confirmation, or does it incrementally increase?
>   It incrementally increases as you would expect it to.
>
> Always learning something new :)